Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A defense platform for protecting against excessive utilization of at least one cloud service for operation of a cloud-hosted application, wherein the defense platform is deployed out-of-path of traffic between a plurality of end user devices and the cloud-hosted application, comprising: at least one detector; a mitigator; and a controller communicatively connected to the detector and the mitigator; wherein the at least one detector is configured to: receive telemetries from a plurality of sources, wherein each source is configured to collect telemetries related to the traffic between a plurality of end user devices and the cloud-hosted application, wherein the telemetries are out-of-path information with respect to traffic to and from the cloud-hosted application; develop a set of at least one rate-based and at least one rate-invariant features based on the collected telemetries; detect, based on the collected telemetries and at least one learned normal utilization behavior of each cloud service for the cloud-hosted application, excessive utilization of at least one of the at least one cloud service by the cloud-hosted application, the detector being further configured to evaluate each feature in the set of at least one rate-based and at least one rate-invariant features to determine whether a behavior of each feature and a behavior of the set of rate-based and rate-invariant features indicate the excessive utilization of at least one of the at least one cloud service; and wherein the controller, upon detection of the excessive utilization of the at least one cloud service by the cloud-hosted application, is configured to cause mitigation, by the mitigator, of the excessive utilization of each cloud service.
2. The platform of claim 1 , wherein the controller is further configured to: divert traffic related to the excessive utilization of each cloud service by the cloud-hosted application from the plurality of end user devices to the defense platform; cause the mitigator to perform at least one mitigation action including removing illegitimate traffic from the diverted traffic; and cause injection of clean traffic for delivery to the cloud-hosted application, thereby reducing excessive utilization of the at least one cloud service by the cloud-hosted application.
3. The defense platform of claim 1 , wherein the excessive utilization is caused by a distributed denial-of-service (DDoS) attack, wherein the detection of the excessive utilization includes detecting the DDoS attack.
A defense platform monitors network traffic to detect and mitigate excessive resource utilization, particularly when caused by distributed denial-of-service (DDoS) attacks. The platform identifies abnormal traffic patterns indicative of a DDoS attack, such as sudden spikes in connection requests, unusual traffic volumes, or coordinated attacks from multiple sources. Detection involves analyzing traffic data to distinguish legitimate requests from malicious ones, often using machine learning or signature-based methods. Once a DDoS attack is detected, the platform implements countermeasures, such as rate limiting, traffic filtering, or redirecting malicious traffic to decoy systems, to protect the target network. The system may also dynamically adjust its defenses based on the attack's characteristics, ensuring continuous protection against evolving threats. This approach helps maintain network availability and performance by preventing resource exhaustion caused by DDoS attacks.
4. The defense platform of claim 1 , wherein the excessive utilization increases costs associated with using the cloud services for operation of the cloud-hosted application.
5. The defense platform of claim 1 , further comprising: an application delivery controller (ADC), wherein the ADC is configured to inject the clean traffic for delivery to the cloud-hosted application.
6. The define platform of claim 1 , wherein traffic to and from the cloud-hosted application is delivered at least partially via an edge network.
7. The defense platform of claim 6 , wherein a content delivery network (CDN) is deployed in the edge network.
A defense platform for cybersecurity operates within an edge network to protect against distributed denial-of-service (DDoS) attacks and other malicious traffic. The platform includes a content delivery network (CDN) deployed in the edge network to distribute and cache content closer to end-users, reducing latency and improving performance. The CDN also helps mitigate DDoS attacks by absorbing and filtering malicious traffic before it reaches the origin server. The platform further includes a traffic monitoring system that analyzes incoming requests to detect anomalies, such as sudden spikes in traffic or unusual patterns, which may indicate an attack. When an attack is detected, the system dynamically adjusts traffic routing, rate limits, or blocks suspicious IP addresses to maintain service availability. The CDN deployment in the edge network enhances resilience by leveraging geographically distributed servers, ensuring that even if one node is overwhelmed, others can continue serving legitimate requests. This approach improves both security and performance by offloading traffic from the origin server and providing localized protection.
8. The defense platform of claim 1 , wherein the defense platform is a stand-alone cloud computing platform that does not host the cloud-hosted application.
9. The defense platform of claim 1 , wherein the evaluation of each feature includes comparing a value of the feature to one of the at least one learned normal utilization baseline.
10. The defense platform of claim 1 , wherein each detector includes a plurality of fuzzy logic inference system (FIS) engines configured to determine if each feature and a behavior of the set of rate-based and rate-invariant features indicate an excessive utilization based on outputs of the FIS engines.
11. The defense platform of claim 1 , wherein the cloud-hosted application is hosted in a plurality of cloud computing platforms, wherein at least one of the at least one cloud service is hosted in one of the plurality of cloud computing platforms.
12. The defense platform of claim 11 , wherein the plurality of sources includes at least one source configured to collect telemetries in one of the plurality of cloud computing platforms.
13. The defense platform of claim 1 , wherein the cloud-hosted application is at least partially hosted in an on-premises datacenter, wherein at least one of the at least one cloud service is hosted in the on-premises datacenter.
14. The defense platform of claim 1 , wherein the cloud-hosted application is hosted in at least one cloud computing platform, wherein traffic to and from the cloud-hosted application is delivered at least partially via at least one edge network, wherein the plurality of sources includes at least one source deployed in the at least one cloud computing platform and at least one source deployed in the at least one edge network.
15. The defense platform of claim 14 , wherein the at least one cloud service includes at least one cloud service provided via the at least one cloud computing platform and at least one cloud service provided via the at least one edge network, wherein each detector is configured for multiple concurrent detection of excessive utilization of any of the at least one cloud service.
16. The defense platform of claim 15 , wherein the detected excessive utilization includes excessive utilization of the at least one cloud service provided via the at least one cloud computing platform and of the at least one cloud service provided via the at least one edge network.
17. The defense platform of claim 1 , wherein the received telemetries include traffic parameters related to at least one of: layer-7, and layer-3 to layer-4.
18. The defense platform of claim 17 , wherein the at least one detector is configured to detect excessive utilization caused by a distributed denial-of-service (DDoS) attack, wherein the DDoS attack is any one of: a layer-7 flood DDoS attack, a layer-7 slow DDoS attack, and a layer-3 to layer-4 flood DDoS attack.
19. The defense platform of claim 1 , wherein the at least one cloud service includes any one of: a load balancing service, a content delivery network (CDN) service, a firewall service, a web application firewall (WAF) service, a DNS service, an application programming interface, a gateway service, a streaming service, a security service, a storage service, a developer tools, a machine learning service, and a serverless service.
A defense platform is designed to protect cloud-based systems from cyber threats by integrating multiple cloud services to enhance security. The platform addresses vulnerabilities in cloud environments by leveraging various cloud services to detect, mitigate, and prevent attacks. These services include load balancing to distribute traffic and prevent overloads, content delivery networks (CDNs) to optimize and secure content distribution, firewalls to filter malicious traffic, web application firewalls (WAFs) to protect web applications, DNS services to manage domain security, application programming interfaces (APIs) for secure data exchange, gateway services to control access, streaming services for secure media delivery, security services for threat detection, storage services for secure data management, developer tools for secure application development, machine learning services for threat prediction, and serverless services for scalable and secure execution. By integrating these services, the defense platform provides a comprehensive security framework that adapts to evolving threats and ensures robust protection for cloud-based systems. The platform dynamically configures and manages these services to maintain security without disrupting normal operations, offering a unified defense mechanism against cyber threats.
20. A method for protecting against excessive utilization of at least one cloud service for operation of a cloud-hosted application, comprising: receiving, at a defense platform deployed out-of-path of traffic between a plurality of end user devices and the cloud-hosted application, telemetries from a plurality of sources, wherein each source is configured to collect telemetries related to at least one of the at least one cloud service, wherein the telemetries are out-of-path information with respect to traffic to and from the cloud-hosted application; developing a set of at least one rate-based and at least one rate-invariant features based on the collected telemetries; detecting, based on the collected telemetries and a learned normal utilization behavior for the cloud-hosted application, excessive utilization of at least one of the at least one cloud service by the cloud-hosted application, wherein the detecting further comprises evaluating each feature in the set of at least one rate-based and at least one rate-invariant features to determine whether a behavior of each feature and a behavior of the set of rate-based and rate-invariant features indicate the excessive utilization of at least one of the at least one cloud service; and causing mitigation, at the defense platform, of the excessive utilization of each cloud service upon detection of the excessive utilization of the at least one cloud service by the cloud-hosted application.
21. A system for protecting against excessive utilization of at least one cloud service for operation of a cloud-hosted application, comprising: a processing circuitry; and a memory, the memory containing instructions that, when executed by the processing circuitry, configure the system to: receive, at a defense platform deployed out-of-path of traffic between a plurality of end user devices and the cloud-hosted application, telemetries from a plurality of sources, wherein each source is configured to collect telemetries related to at least one of the at least one cloud service, wherein the telemetries are out-of-path information with respect to traffic to and from the cloud-hosted application; develop a set of at least one rate-based and at least one rate-invariant features based on the collected telemetries; detect, based on the collected telemetries and a learned normal utilization behavior for the cloud-hosted application, excessive utilization of at least one of the at least one cloud service by the cloud-hosted application, the system being further configured to evaluate each feature in the set of at least one rate-based and at least one rate-invariant features to determine whether a behavior of each feature and a behavior of the set of rate-based and rate-invariant features indicate the excessive utilization of at least one of the at least one cloud service; and cause mitigation, at the defense platform, of the excessive utilization of each cloud service upon detection of the excessive utilization of the at least one cloud service by the cloud-hosted application.
Unknown
March 16, 2021
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.